According to a report by the European Central Bank, more than five years after its inception in January 2016, standard number 239 of the Basel Committee on Banking Supervision (BCBS 239) has not been well adopted by the institutions bound by it.
Ben Beeching, EMEA Marketing Manager, MEGA International
MEGA International sponsored the Virtual Business Change & Transformation Conference Europe 17-19 May, London.
In this article, we look at the standard in more detail, and assess how Enterprise Architecture can assist with its implementation.
The simple guide to BCBS 239
BCBS 239 deals with principles for effective risk data aggregation and risk reporting. In short, the standard is intended to fortify banks’ internal procedures for reporting risks, and their risk data aggregation capabilities. On successful implementation of the standard, the end objective is that risk management and risk-related decision making processes are improved and simplified.
The standard stipulates that participating banks produce risk management reports that span all material risk areas across their organisation. As for how detailed these reports need to be, the standard specifies that the depth and scope should be consistent with each institution’s risk profile, the scale and complexity of its operations, and the requirements of the reports’ recipients.
So where are organisations going wrong?
According to the European Central Bank’s Thematic Review on Effective Risk Data Aggregation and Risk Reporting, “thus far, none of those significant institutions – some of which are classified as global systematically important banks – have fully implemented the BCBS 239 principles. Weaknesses stem mainly from a lack of clarity regarding responsibility and accountability for data quality”.
The report goes on to conclude that “full implementation of the BCBS principles will probably not be achieved any time soon, as several credit institutions’ implementation schedules are set to run until the end of 2019 and beyond”.
According to Deloitte, “there is no question that many banks need to address and further develop their Risk Data Aggregation and Risk Reporting (RDARR) capabilities. Many banks lack the ability to efficiently and effectively provide senior management with a true picture of the risks the organisation faces. This inability poses a significant threat, not only to the well-being of individual financial institutions, but to the entire banking system and the global economy”.
While this report was delivered in May 2018, at the time of writing this article, there had been no updates published that supersede it. This appears to suggest that no significant progress has been made.
The main principles of BCBS 239
The standard is comprised of 14 key principles, with 10 being fundamental to infrastructure and data management.
From a governance point of view, financial institutions’ risk data aggregation capabilities and risk reporting procedures are required to be subject to strict governance processes consistent with other Basel Committee guidance. The organisation’s data architecture and IT infrastructures should be built around supporting the risk data aggregation capabilities both in terms of normal business and in challenging or crisis periods.
Risk data aggregation capability requirements laid out in BCBS 239 centre around eight main areas. Accuracy and integrity of reporting on a primarily automated basis is a fundamental of this, as is the completeness and timeliness of the data. Reporting is also required to be adaptable, with a wide range of reporting able to be generated on demand and ad-hoc as required to cater for internal demands and regulatory investigations.
Risk reporting practices are also handled in detail in the standard, with accuracy, comprehensiveness, clarity and usefulness, and frequency spelled out in detail. Although specific metrics or targets are not stipulated in the BCBS 239 text, the principles and expectations of them are clear.
How enterprise architecture can help banks improve BCBS 239 implementation
A lack of data visibility, lack of data ownership, and non-interoperability of applications are some of the root causes of banks’ issues with BCBS 239 implementation.
Challenges arise from the increasing volume and tracking of data across ever-expanding portfolios of devices and cloud applications, and the conceptual, logical and physical layers of data being managed in silos. Problems are also exacerbated by a lack of clear responsibilities around data, and in identifying data sources of applications managed in isolation of one another.
Non-interoperability of applications also leads to expensive and inflexible point-to-point interactions between separate functions, and furthermore interoperability cannot be ensured due to poor visibility of other IT systems and business processes.
Effective management of data glossaries is a fundamental principle of EA, and it can assist with:
- Discovering logical data from database structures
- Building a business glossary (conceptual layer) based on IT data,
- Defining the scope of data documentation and set responsibilities to ensure maintenance
- Communicating the data dictionary to the organisation through the centralised EA portal
Analysing data lineage can also assist in describing the transformations that happen to data, and in linking data to applications and processes in order to understand its usage.
Lastly, a well-implemented EA practice can also rationalise the use of data in projects. This enables the data glossary to be browsed for concepts and attributes on new projects so as to re-use existing data and avoid creating duplicates. It can also succeed in identifying golden sources of data and APIs to create the most suitable architectures.
The Banking Industry Architecture Network
Established in 2008, the Banking Industry Architecture Network (BIAN) is an independent, member owned, not-for-profit association, designed to build and promote a common architectural framework for banks around the world to address interoperability issues.
This enables participating members to utilise the service landscape models directly in EA tools that have integrations with BIAN. With this integration, value can be created more rapidly through the use of a standardised framework.
BIAN’s goal is to define operability and semantic definitions for IT services in the banking industry. The organisation is a collaborative not-for-profit ecosystem formed of leading banks, technology providers, consultants and academics from all over the world. It helps professionals to lower the cost of banking, increase their speed to innovation in the industry, and boosts banks’ activities by revisiting and navigating around their existing resources.
Founded in 1991, MEGA International have been a global market leader for over ten years. We partner with customers to improve governance and accelerate transformation by leveraging technology. Rooted in our values, we believe that innovation, performance, agility and people are the keys to success – and together accelerate the creation of value.
Copyright Ben Beeching, EMEA Marketing Manager, MEGA International
References
https://www.bis.org/publ/bcbs239.pdf
https://www.bankingsupervision.europa.eu/ecb/pub/pdf/ssm.BCBS_239_report_201805.pdf
https://www.mckinsey.com/business-functions/risk/our-insights/living-with-bcbs-239